ios-2514 Auto-detect sys/acl.h availability on Linux instead of unconditional ON

[xiangguomin]

Notes for Reviewer

On Linux, IOX_PLATFORM_FEATURE_ACL defaults to ON unconditionally in
iceoryx_platform/linux/cmake/IceoryxPlatformDeployment.cmake. This causes
build failures when using hermetic toolchains (e.g. Zig/clang sysroots,
embedded cross-compilers) that do not include sys/acl.h or libacl in
their sysroot:

fatal error: sys/acl.h: No such file or directory

This PR uses CMake's check_include_file to probe for sys/acl.h at configure time:

• If found → default stays ON (no behaviour change for standard system toolchains)
• If not found → default becomes OFF, using the existing no-op stub already present in linux/include/iceoryx_platform/acl.hpp behind #if IOX_FEATURE_ACL

The cmake option() is still user-overridable in both directions.

Pre-Review Checklist for the PR Author

1. Code follows the coding style of CONTRIBUTING.md
2. Tests follow the best practice for testing
3. Changelog updated in the unreleased section including API breaking changes
4. Branch follows the naming format (iox-123-this-is-a-branch)
5. Commits messages are according to this guideline
   • Commit messages have the issue ID (iox-#123 commit text)
   • Commit author matches Eclipse Contributor Agreement (and ECA is signed)
6. Update the PR title
   • Follow the same conventions as for commit messages
   • Link to the relevant issue
7. Relevant issues are linked
8. Add sensible notes for the reviewer
9. All checks have passed (except task-list-completed)
10. Assign PR to reviewer

Checklist for the PR Reviewer

• Consider a second reviewer for complex new features or larger refactorings
• Commits are properly organized and messages are according to the guideline
• Code according to our coding style and naming conventions
• Unit tests have been written for new behavior
• Public API changes are documented via doxygen
• Copyright owner are updated in the changed files
• All touched (C/C++) source code files from iceoryx_hoofs have been added to ./clang-tidy-diff-scans.txt
• PR title describes the changes

Post-review Checklist for the PR Author

1. All open points are addressed and tracked via issues

References

• Closes IOX_PLATFORM_FEATURE_ACL defaults to ON unconditionally on Linux, breaking hermetic toolchains without sys/acl.h #2514

[elfenpiff]

@xiangguomin, please follow the contributor guidelines.

1. You need to sign the ECA with the e-mail address you used to commit. See this: https://github.com/eclipse-iceoryx/iceoryx/blob/main/CONTRIBUTING.md#eclipse-contributor-agreement
2. Every pull request requires a separate issue so that we can ensure traceability, a hard requirement for safety critical systems. So please create an issue to this PR first.
3. Every commit message shall have the prefix iox-XX where XX is the issue number.
4. Please never replace our PR template, always use it, the checklists are mandatory, see this https://github.com/eclipse-iceoryx/iceoryx/blob/main/.github/PULL_REQUEST_TEMPLATE.md The last line closes #TBD shall link again the issue

When this is done, we are happy to merge your pull request.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.87%. Comparing base (ffd3610) to head (194fe55).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2512   +/-   ##
=======================================
  Coverage   77.87%   77.87%           
=======================================
  Files         446      446           
  Lines       16301    16301           
  Branches     2320     2320           
=======================================
+ Hits        12694    12695    +1     
  Misses       2759     2759           
+ Partials      848      847    -1     

Flag	Coverage Δ
unittests	77.70% <ø> (+<0.01%)	⬆️
unittests_timing	15.00% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[elBoberido]

@xiangguomin with this change it is possible that iceoryx lacks the ACL protection if the system where it is build lacks the ACL feature, without the user being aware of it, e.g. when the release happens with a github CI action. This could lead to iceoryx becoming the first chain in an attack vector. We are always opting to be safe by default but leave the option to the user to opt out. With this change, there would be a silent degradation with the user not being aware that the feature is turned off. I'm afraid, but this PR cannot be merged.

Why is the cmake option not working for you? That's the way to build iceoryx if you do not want to have ACLs.

[xiangguomin]

@xiangguomin with this change it is possible that iceoryx lacks the ACL protection if the system where it is build lacks the ACL feature, without the user being aware of it, e.g. when the release happens with a github CI action. This could lead to iceoryx becoming the first chain in an attack vector. We are always opting to be safe by default but leave the option to the user to opt out. With this change, there would be a silent degradation with the user not being aware that the feature is turned off. I'm afraid, but this PR cannot be merged.

Why is the cmake option not working for you? That's the way to build iceoryx if you do not want to have ACLs.

@elBoberido Thanks for your input. I agree with your comment. I was using 2.0.6 in our code. This option was added after that. I did not test the latest version, as we have some limitation to use the latest release. But I did a test today, this option is working correctly. I am closing this PR for now.